2

sorry for my english, but i will try to explain my problem - i have site that using a lot of subdomains when I run scenario in main subdomain www.site.com and add some information to The SESSION inside that scenario, then I redirected to subdomain.site.com, and here the SESSION is empty

this is my settings for cookie

$this->Cookie->domain = ".site.com";        
$this->Cookie->key = md5('key');        
$this->Cookie->path = '/';

i tried to save THE SESSION in files, but it doesn't helps

Configure::write('Session.save', 'cake');

i tried this ini_set('session.cookie_domain', '.site.com'); but it didn't helps too

any ideas?

sukinsan
  • 513
  • 3
  • 14
  • 1
    I don't think data in session is affected by cookie. And why do you set Cookie->domain like that? why not just 'site.com'? Is that subdomain still under the same Cake app? – Anh Pham Aug 26 '11 at 08:28
  • yes one application for all subdomains, I set cookie as ".site.com" because in the cakephp's documentation i found this "Use '.yourdomain.com' to allow access from all your subdomains" – sukinsan Aug 26 '11 at 09:12
  • are both www and subdomain using the same cakephp application? if not, make sure the salt in the config is the same. – minaz Aug 29 '11 at 03:11
  • http://stackoverflow.com/questions/348282/php-cookie-domain-subdomain-control – Marek Sebera Sep 09 '11 at 12:31

2 Answers2

1

IE has problems accepting cookies if there is an underscore (_) in the subdomain. e.g. subdomain.tld.com is OK. sub_domain.tld.com BAD. Could be that.

sam
  • 164
  • 8
  • there's no underscore in his domain. when do you saw that and where? – genesis Sep 16 '11 at 23:27
  • I had that problem years ago but there is mention of it here. http://stackoverflow.com/questions/794243/internet-explorer-ignores-cookies-on-some-domains-cannot-read-or-set-cookies – sam Sep 16 '11 at 23:44
1

When the CakePHP 'Security.level' is set to 'high' or 'medium', CakePHP sets the PHP session.referer_check to your site hostname.

However, when the user clicks a link inside an email client, the referer check test fails and the session is marked as invalid.

What you have to do is the following:

1) Set CakePHP 'Security.level' as 'low'

OR

2) Provide a custom session configuration for CakePHP, as shown here, setting 'session.referer_check' to an empty string, this way:

ini_set('session.referer_check', '');
felipeptcho
  • 1,377
  • 2
  • 9
  • 23